cmd/tailscale,ipn,net/netutil: remove rp_filter strict mode warnings (#18863)

PR #18860 adds firewall rules in the mangle table to save outbound packet marks to conntrack and restore them on reply packets before the routing decision. When reply packets have their marks restored, the kernel uses the correct routing table (based on the mark) and the packets pass the rp_filter check. This makes the risk check and reverse path filtering warnings unnecessary. Updates #3310 Fixes tailscale/corp#37846 Signed-off-by: Mike O'Driscoll <mikeo@tailscale.com>
2026-03-04 14:09:19 -05:00
parent 26ef46bf81
commit 2c9ffdd188
14 changed files with 6 additions and 237 deletions
@@ -228,7 +228,7 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
        tailscale.com/feature/syspolicy                              from tailscale.com/logpolicy
        tailscale.com/feature/useproxy                               from tailscale.com/feature/condregister/useproxy
        tailscale.com/health                                         from tailscale.com/control/controlclient+
-        tailscale.com/health/healthmsg                               from tailscale.com/ipn/ipnlocal+
+        tailscale.com/health/healthmsg                               from tailscale.com/ipn/ipnlocal
        tailscale.com/hostinfo                                       from tailscale.com/client/web+
        tailscale.com/internal/client/tailscale                      from tailscale.com/tsnet+
        tailscale.com/ipn                                            from tailscale.com/client/local+